CVE-2007-1001

Description

Multiple integer overflows in the (1) createwbmp and (2) readwbmp functions in wbmp.c in the GD library (libgd) in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allow context-dependent attackers to execute arbitrary code via Wireless Bitmap (WBMP) images with large width or height values.

References

http://cvs.php.net/viewvc.cgi/php-src/ext/gd/libgd/wbmp.c?r1=1.2.4.1&r2=1.2.4.1.8.1

http://cvs.php.net/viewvc.cgi/php-src/ext/gd/libgd/wbmp.c?revision=1.2.4.1.8.1&view=markup

http://docs.info.apple.com/article.html?artnum=306172

http://ifsec.blogspot.com/2007/04/php-521-wbmp-file-handling-integer.html

http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html

http://rhn.redhat.com/errata/RHSA-2007-0155.html

http://secunia.com/advisories/24814

http://secunia.com/advisories/24909

http://secunia.com/advisories/24924

http://secunia.com/advisories/24945

http://secunia.com/advisories/24965

http://secunia.com/advisories/25056

http://secunia.com/advisories/25151

http://secunia.com/advisories/25445

http://secunia.com/advisories/26235

http://security.gentoo.org/glsa/glsa-200705-19.xml

http://us2.php.net/releases/4_4_7.php

http://us2.php.net/releases/5_2_2.php

http://www.mandriva.com/security/advisories?name=MDKSA-2007:087

http://www.mandriva.com/security/advisories?name=MDKSA-2007:088

http://www.mandriva.com/security/advisories?name=MDKSA-2007:089

http://www.mandriva.com/security/advisories?name=MDKSA-2007:090

http://www.novell.com/linux/security/advisories/2007_32_php.html

http://www.redhat.com/support/errata/RHSA-2007-0153.html

http://www.redhat.com/support/errata/RHSA-2007-0162.html

http://www.securityfocus.com/archive/1/464957/100/0/threaded

http://www.securityfocus.com/archive/1/466166/100/0/threaded

http://www.securityfocus.com/bid/23357

http://www.securityfocus.com/bid/25159

http://www.slackware.org/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.470053

http://www.vupen.com/english/advisories/2007/1269

http://www.vupen.com/english/advisories/2007/2732

https://exchange.xforce.ibmcloud.com/vulnerabilities/33453

https://issues.rpath.com/browse/RPL-1268

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10179

Details

Risk Information

CVSS v2.0